Android M Security model

Transcript

1. Android M security model Roman Herasymenko Google Developer Expert@Yalantis

2. What do we currently have?

3. Problems - Installing applications based on trust - Unnecessary permissions

   (related functionality won’t be ever used) - Dangerous permissions (especially with paid SMS & calls) Many users won’t even download the app.

4. What is new here? - Permission groups - Normal permissions

   - Runtime permissions - Permissions can be accepted or denied in settings - We have to deal with denied permissions - User education

5. Permission groups Calendar Camera Contacts Location Microphone Phone Sensors SMS

   Storage

6. Normal permissions - Permission rating - normal - no risk

   to user’s privacy or security - 37 permissions are in this group - INTERNET, VIBRATE, WRITE_EXTERNAL_STORAGE, RECEIVE_BOOT_COMPLETED are in this group

7. –Anonymous Paranoiac “… it’s not even possible to revoke Internet

   access, even if we want to”

8. Runtime permissions Android 6.0 only

9. Permissions on settings All API versions

10. Denied permission with targetSdk < 23 - Android 6.0 won’t

    crash - Functions which need permissions will return an empty state value

11. Denied permission with targetSdk >= 23 - If your app

    is not ready to work with permissions, it will crash - Implement the new permissions model before release it with targetSdk >= 23

12. Intents without permissions - We can still use Intents without

    requesting permission for certain functions - ACTION_INSERT, ACTION_IMAGE_CAPTURE, ACTION_VIDEO_CAPTURE, etc.

13. Educate your user before asking for permission Clear Critical Unclear

    Secondary

14. User education (1) Educate before asking Ask up-front Ask in

    context

15. User education (2) Educate in context Provide an immediate benefit

    Ask only relevant

16. User education (3) Feedback for denied permission Critical permissions

17. How do we need to ask for permission? if (checkSelfPermission(Manifest.permission.READ_CONTACTS)

    != PackageManager.PERMISSION_GRANTED) { // Should we show an explanation? if (shouldShowRequestPermissionRationale(thisActivity, Manifest.permission.READ_CONTACTS)) { // Show an expanation to the user *asynchronously* } // No explanation needed, we can request the permission. requestPermissions(thisActivity, new String[]{Manifest.permission.READ_CONTACTS}, MY_PERMISSIONS_REQUEST_READ_CONTACTS); } Asking for permission

18. How do we need to manage the result? @Override public

    void onRequestPermissionsResult(int requestCode, String permissions[], int[] grantResults) { switch (requestCode) { case MY_PERMISSIONS_REQUEST_READ_CONTACTS: { // If request is cancelled, the result arrays are empty. if (grantResults.length > 0 && grantResults[0] == PackageManager.PERMISSION_GRANTED) { // permission was granted, yay! Do the // contacts-related task you need to do. } else { // permission denied, boo! Disable the functionality that depends on this permission. } return; } // other 'case' lines to check for other // permissions this app might request } } Handling result

19. Asking for permission - Using the framework (targetSdk = 23)

    - We have to check correct sdk version we’re using - Using v4 or v13 support libraries - v4 will check it internally

20. Permissions flow

21. None

22. Is it easy? - Implementation is easy, but the flow

    is a mess - User education adding more difficult to it - Reusing permissions in several parts of app makes this even more difficult

23. Support-v4

24. ContextCompat.checkSelfPermission(Context context, String permission) Checking for permission ActivityCompat.requestPermissions(final Activity activity,

    final String[] permissions, final int requestCode) Requesting for permission ActivityCompat.shouldShowRequestPermissionRationale(Activity activity, String permission) Checking if permission was denied before

25. Docs & articles

26. - Best practices - Requesting permissions in runtime - Permission

    groups - Exploring new permission model - Design patterns - Handling permissions removal

27. Thank you! Questions? @Aenterhy +RomanGerasimenko www.aenterhy.co